Major Malware Outbreak

Over the last few weeks, we have seen a major outbreak of a type of malware known commonly as Security 2010. In our experience, the speed of this outbreak’s spread and it’s tremendous reach are unprecedented. For maximum impact, the authors of this pestware have been releasing updated versions every few days to stay ahead of the common database-driven anti-malware programs.

This is the work of highly skilled, well-funded actors. The authors of Security 2010 have managed to infiltrate large numbers of legitimate, heavily visited websites with their infectious mother-ship software. Simply visiting a compromised website is often enough to deliver the malware. In other cases the user will receive an official-looking message stating that spyware has been detected, and that the user should download software to remove it. Following the attached link delivers the malware to the unsuspecting user.

Infected machines will display an legitimate-looking program that runs on startup bearing the name Security 2010, Antivirus Pro 2010, or any of a number of variations on this theme. The program appears to be scanning for, and finding, malware. The software also displays a rotating menu of  scary messages about dangerous malware supposedly found lurking on the system. The whole display is completely bogus. The software also displays a message that the user has an unregistered version installed, and offers a link to register the software, for a hefty fee of course. However, paying these extortionists will NOT make the problem go away. It is all simply a scam intended to separate the user from his or her money. Unfortunately, lots of people have taken the bait and handed over their credit card numbers to these criminals.

Security 2010 thoroughly monopolizes the user’s computer, rendering it essentially useless. The software also employs a number of defensive strategies to defeat removal, including deactivating firewalls, turning off anti-malware software, and disabling standard system-management tools such as the task manager and, more rarely, regedit. It may also disrupt the .exe file association, making it difficult to run executable files.

Beyond rendering your computer unusable, Security 2010 does not appear to be actively malicious. But it opens security holes that leave the computer vulnerable to other malware infections. Left unattended the problems could grow even worse. At Computer Medic, we have developed very effective methods for dealing with the Security 2010 software, and would be happy to assist you if you should become infected by it.

Posted in News, Announcements, and Anecdotes and tagged , , .